- From: Jamie Lokier <jamie@shareable.org>
- Date: Wed, 20 Aug 2008 14:04:38 +0100
- To: Dan Winship <dan.winship@gmail.com>
- Cc: Julian Reschke <julian.reschke@gmx.de>, ietf-http-wg@w3.org
Dan Winship wrote: > FWIW, 3 out of the big 4 browsers also don't correctly parse multiple > WWW-Authenticate headers that have been merged into one (even though > 2617 explicitly points out this possibility). So it might be best to > just say that intermediaries SHOULD NOT merge headers, except in cases > where they know it's safe. Do they handle unmerged, multiple WWW-Authenticate headers correctly? -- Jamie
Received on Wednesday, 20 August 2008 13:05:14 UTC